Date: Mon, 25 Aug 2003 18:49:49 -0700 From: K Anderson <freebsduser@comcast.net> To: FreeBSD Questions <questions@FreeBSD.ORG> Subject: IPFW & ICMP Message-ID: <3F4ABCBD.6030600@comcast.net>
next in thread | raw e-mail | index | archive | help
Howdy folks, I've been getting bombarded with ICMP (Cyberkit 2.2 attack) stuff and created a rule in ipfw to firewall it. The rule is working, I am getting measured stats but the problem is snort is seeing them and reporting them. I thought that by firewalling ICMP snort would stop noticing them. If I'm wrong in my asumption I would certainly like to hear it. Here is the fierwall rule I applied. deny log icmp from any to me via ed0 There are some TCP and IP rules above that but I don't see that causing anything to skip over the ICMP rule. And snort is seeing them as I did a quick search through ACID. Thanks in advance.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F4ABCBD.6030600>